The App on Your Phone

You've been here before. Not in this essay — in the system. You opened an app this morning. You scrolled. You searched for something, maybe bought something, maybe just watched. You gave data to a platform without reading the terms that govern what happens to it.

That's not a criticism. It's a description of how almost every person with a smartphone moves through their day. The terms are long, the consent is buried, and the alternative — refusing every platform that collects data — isn't a realistic option for most people. The system was designed to be used. It was also designed to collect.

In Essay One, we documented a surveillance system built and refined in Xinjiang, China, on a population that had no ability to refuse participation. In Essay Two, we followed that system out of Xinjiang through Belt and Road infrastructure into 64 countries, including liberal democracies. This essay asks where it ended up. The answer is in your pocket. This essay shows you the documented evidence for that claim — and then it asks a question the series has been building toward since the first sentence of Essay One.

What You Agreed To

Every app you install asks for permissions. Most people tap through them. Here is what the documented record shows about what two of the most popular Chinese-owned consumer apps — TikTok and Temu — actually collect.

Documented Fact TikTok's own privacy policy discloses that the app collects: age, phone number, precise GPS location, IP address, device identifiers, phone contacts, social network connections, content of private messages, keystroke patterns and rhythms, voiceprints, and a complete record of videos watched. A 2023 US Congressional resolution confirmed this data profile and added that it extends to biometric identifiers.

Structural Observation This is not a data profile built for showing you relevant videos. It is a profile built for knowing who you are, where you are, who you know, what you believe, and how you type.

Documented Fact Temu's data collection has been the subject of multiple state attorney general investigations across the United States. A 2023 report by short-seller firm Grizzly Research — which has a financial interest in the company's stock price — found that the Temu app requests permissions far exceeding what a retail shopping platform requires, including precise location at all times, access to device contact lists, and read access to local files and storage. The report identified encrypted outbound data traffic from the app that analysts assessed could not be explained by normal shopping functions — an interpretation Temu disputes. In a 2024 lawsuit, Arkansas Attorney General Tim Griffin alleged that Temu is "purposefully designed to gain unrestricted access to a user's phone operating system" — including camera, contacts, text messages, documents, and other applications — and is "designed to make this expansive access undetected, even by sophisticated users." These are allegations in active litigation; Temu denies them.

Documented Fact Temu's parent company is PDD Holdings. PDD Holdings has documented partnerships with entities connected to state-affiliated data infrastructure in China. Under China's 2017 National Intelligence Law, PDD Holdings — like all Chinese companies — can be compelled to share data with Chinese government agencies upon request, with no obligation to notify users.

The Legal Architecture

Both TikTok and Temu deny sharing user data with the Chinese government. Those denials may be sincere. They are also, under Chinese law, structurally insufficient.

Documented Fact China's 2017 National Intelligence Law, Article 7, states that "all organizations and citizens shall support, assist, and cooperate with national intelligence efforts." The law does not distinguish between state-owned and private companies. It applies to Chinese companies operating overseas. It requires that any cooperation with intelligence services be kept secret — meaning a company cannot legally disclose to its users that it has been asked to share their data. A denial of data sharing does not reliably distinguish between cooperation and non-cooperation. Under the law's terms, a company that had cooperated with an intelligence request would be legally obligated to issue exactly the same denial.

Documented Fact A US Department of Homeland Security advisory states explicitly that Chinese firms operating under this framework "are required to secretly share data with the PRC government or other entities upon request, even if that request is illegal under the jurisdiction in which these firms operate." The advisory also notes that the National Intelligence Law gives the Chinese state the ability to direct firms to covertly install backdoors into their equipment or software, "allowing for easy access by PRC intelligence services."

Structural Observation This is the legal architecture of the pipeline. The Xinjiang surveillance system was built by companies subject to this law. The Belt and Road infrastructure was deployed by companies subject to this law. The consumer apps on your phone are operated by companies subject to this law. The chain from the laboratory to your pocket is held together by a single legal instrument that was passed, publicly, in 2017 — and that most users of these products have never read.

TikTok: The Algorithm and the Access

TikTok is the most scrutinized of these products, and the documented record on it is the most detailed. It is worth examining closely — not because TikTok is uniquely dangerous, but because its documentation reveals mechanisms that apply across the category.

Documented Fact In June 2022, BuzzFeed News reported on audio recordings from 80 internal TikTok meetings in which ByteDance employees discussed access to US user data. In the recordings, employees stated that US user data had been "repeatedly accessed" by China-based employees, and that "everything is seen in China." TikTok disputes the characterization. The recordings exist.

Documented Fact In a 2023 court filing, former ByteDance employee Yintao Yu alleged under penalty of perjury that CCP officials used a "god credential" — a tool that bypassed all privacy protections — to access TikTok user data, locations, and communications in order to identify and locate pro-democracy protesters in Hong Kong. Yu stated he personally viewed access logs showing the committee's use of this tool. Security experts at CSIS and the University of Toronto's Citizen Lab assessed this as the first reported allegation of CCP officials actually accessing TikTok user data. ByteDance disputes the allegation. Yu filed it under penalty of perjury — meaning the statement was made under the legal obligation to tell the truth, with criminal liability for deliberate falsehood.

Documented Fact TikTok's domestic Chinese equivalent is called Douyin. It runs on the same underlying technology. The documented differences between the two apps are striking. Douyin prohibits certain content types, limits children's usage to 40 minutes per day, and prioritizes educational content. TikTok — the version exported globally — carries no such restrictions. In congressional testimony, FBI Director Christopher Wray stated his assessment that TikTok's algorithm was designed in China and is subject to Chinese government control — a claim TikTok disputes and that has not been independently verified through technical analysis of the source code, which ByteDance has refused to surrender.

Structural Observation Two versions of the same product. One designed for the domestic population under CCP governance. One designed for export. The differences are not accidental. They are documented product decisions. A government that limits its own children to 40 minutes of the app per day, and prioritizes educational content in their feed, made a different choice for the version it sells to everyone else's children.

Temu: The Store That Knows Everything

Temu arrived in the United States in September 2022. By 2023 it was the most downloaded free app in the country. The price points are extraordinary — electronics, clothing, household goods at fractions of what equivalent items cost elsewhere. The business model, on its face, makes no economic sense. Analysts have noted that Temu appears to sell goods below cost. Understanding why requires understanding what the product actually is.

Documented Fact CSIS Senior Associate Diane Rinaldo, quoted in a Norton Security analysis, described Temu as "an information-gathering spyware program masquerading as an e-commerce site." Rinaldo's characterization has not been independently published by CSIS directly; the Norton blog is the available secondary source for this quote. It is included here for its institutional attribution — a senior researcher at a major national security institution, not a political commentator or short-seller.

Documented Fact Temu's parent company PDD Holdings previously operated a separate shopping app called Pinduoduo. In March 2023, Google removed Pinduoduo from the Play Store after finding the app contained malware that exploited Android vulnerabilities to bypass user security permissions — accessing private messages, modifying settings, and preventing uninstallation. Court filings in related litigation allege that a majority of the engineers who developed that software were subsequently transferred to work on Temu; this claim has not been independently verified outside of those filings.

Documented Fact A Kentucky state investigation — conducted independently, not derived from private research — concluded that Temu collected and transferred far more sensitive user data than disclosed in its privacy policy, including precise GPS data and app usage data, and that the app was designed to hide these practices during security checks. The investigation also noted that under Chinese law, any data collected by Temu may be accessed by the Chinese government upon request — with no obligation to notify users.

The Same System

Here is what the three essays in this series have documented, laid end to end.

In Xinjiang, a surveillance system was built that generates behavioral profiles from the data of ordinary life — location, purchases, communications, movement patterns, social connections. That system was built by companies legally required to cooperate with Chinese state intelligence. It was tested on a captive population. It proved that ambient data collection, processed at scale, produces actionable intelligence about individuals — who they are, what they believe, who they know, where they will be.

That system was then packaged as infrastructure — smart city contracts, telecommunications networks, data centers — and distributed through Belt and Road financing to 64 documented countries. The mechanism of distribution included a software update system that meant foreign governments didn't buy a static product. They inherited a living system whose capabilities were continuously developed and deployed without renegotiation.

And then the same companies — subject to the same laws, operating under the same legal obligation to cooperate secretly with Chinese intelligence — built consumer products. Shopping apps. Social media platforms. Video editors. The data profile constructed by TikTok from 150 million American users is not categorically different from the data profile the IJOP system built on Xinjiang residents. Location. Contacts. Communications. Behavioral patterns. Biometrics. The architecture is the same. The stakes, for most users, are lower. But the structure is identical.

Structural Observation This is not a claim that TikTok users are being surveilled the way Xinjiang residents are surveilled. The contexts are different. The consequences are different. The claim is more precise: the data collection infrastructure that operates inside your consumer apps was built by the same companies, under the same legal framework, using techniques refined on a population that had no ability to refuse. The continuity documented here is structural and institutional — a shared legal architecture, shared companies, and similar data collection patterns — not a claim of direct codebase or system transfer between Xinjiang and consumer products. The retail version of a system is still that system.

The Question

This series was built around a commitment: we document the pattern, we don't prescribe the response. That commitment holds here. This essay is not telling you to delete your apps. It is not telling you that you are in danger. It is telling you what the documented record shows — and then it is going to ask you something.

The system described across these three essays is built on a specific architecture. Data flows in one direction. It is collected from hundreds of millions of people, aggregated, processed, and interpreted by a small number of actors who have interests those hundreds of millions of people did not negotiate. The people generating the data cannot see the system that processes it. They cannot see what it concludes about them. They cannot see who has access to those conclusions, or what is done with them.

That asymmetry — between those who generate data and those who interpret it — is the operational core of the surveillance state. It is what makes Xinjiang's IJOP system work. It is what makes the consumer app valuable to its operators. The person inside the system cannot see the system. The system can see the person completely.

Hypothesis Every surveillance architecture is built on the assumption that data flows in one direction and is interpreted by one party. That assumption has never been technically necessary. It is a design choice. A system that makes the data visible to the people who generate it — that shows users what is collected, what is inferred, what profile has been built, who has accessed it — would be the same infrastructure pointed in the opposite direction. Not a different technology. The same technology, with a different answer to the question of who gets to see.

The Uyghur residents of Xinjiang who were flagged by IJOP for downloading a file-sharing app did not know they had been scored. The TikTok user whose feed has been shaped by an algorithm they cannot audit does not know what that algorithm has concluded about them. The Temu customer whose device permissions were harvested for data beyond what any shopping app requires does not know what profile has been assembled from their phone.

What would it mean for them to know?

Not to opt out. Not to resist. Just to see — with the same clarity that the system sees them.

That question is not answered here. This series doesn't have the answer. What it has is the documented record of a system that was built, tested, shipped, and is now running — and the observation that the architecture of surveillance and the architecture of transparency are, at their core, the same thing pointed in different directions.

The pattern has revealed itself. What you do with it is yours.